CVE-2021-33224: Malicious File Upload
First published: Fri Feb 24 2023(Updated: )
File upload vulnerability in Umbraco Forms v.8.7.0 allows unauthenticated attackers to execute arbitrary code via a crafted web.config and asp file.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Umbraco Umbraco Forms | =8.7.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2021-33224?
The severity of CVE-2021-33224 is critical with a score of 9.8.
How does the vulnerability in Umbraco Forms v.8.7.0 affect the software?
The vulnerability affects Umbraco Forms v.8.7.0.
What is the vulnerability in Umbraco Forms v.8.7.0?
The vulnerability in Umbraco Forms v.8.7.0 is a file upload vulnerability that allows unauthenticated attackers to execute arbitrary code via a crafted web.config and asp file.
How can unauthenticated attackers exploit CVE-2021-33224?
Unauthenticated attackers can exploit CVE-2021-33224 by uploading a crafted web.config and asp file.
Are there any references available for CVE-2021-33224?
Yes, there are references available for CVE-2021-33224. You can find them at http://umbraco.com and https://our.umbraco.com/packages/developer-tools/umbraco-forms.
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/author
- agent/weakness
- agent/severity
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- vendor/umbraco
- canonical/umbraco umbraco forms
- version/umbraco umbraco forms/8.7.0